Sunday, February 05, 2006

Staying Secure - Virtually

There are lots of bad things that can impact you pc: viruses, trojans, malware...beta software and just plain bad code. One of the ways you can mitigate negative impact on your dearly-beloved pc is to do your computing in a virtual environment. This post isn't intended to be a how-to-guide--think of it more like a "what-is-capable/FYI" guide.

The Wikipedia has a very good article about virtual machines. Basically, you can install a virtual machine on your pc, then use that to run a "virtual" system. I've heard these referred to as "sandboxes" -- although I think I would call them "Las Vegases" as in "what happens in Vegas, stays in Vegas." Get the drift? Because the virtual machine protects your "real" operating system, you can browse, load, run, uninstall, test, etc software to your heart's content. If something bad happens, it only croaks the virtual machine. You can either try to fix it, or delete the virtual system file and start over. I suppose something could leak out, but it is very rare and many IT security specialists like to use them, just for that very purpose.

There are a number of virtual machine software applications out there. I haven't had the chance to play with Microsoft's Virtual PCor BOCHS yet. I have used QEMU and VMware very successfully. I captured the image above off my desktop. It shows me browsing the web in a virtual machine session with the Damn Small Linux distribution on my Windows XP system.

As shown, one of the best places to try this concept out with Linux is to use a special build of the aforementioned "Damn Small Linux". It contains a package pre-wrapped with QEMU virtual machine. The trick to finding this one is to look for a download build with "embedded" in the name. The current version at this time is dsl-2.1b-embedded.zip Just go to the site, or click on this download link to their site and find a mirror. Then browse the tree until you find a version. This distribution is very good, but stripped down because of size constraints of the developers. So some Windows users may find the features a little lacking--however sysadmins and Linux folks will know that there are a ton of applications and features for use just under the surface.

The other virtual machine you can do a lot with is VMware. Along with their commercial software, they offer VMware Player. This is a free virtual machine you can download and install on your Windows pc as well. They kindly offer several virtual machine "images" for you to run on their software. If you are just getting your feet wet, and would like to have some added security while you surf the web, try out their "Browser Appliance" virtual machine. It allows you to run Firefox in a protected "virtual machine" state.

Once you have gotten the bug, some really clever users of VMware Player have figured out how to extend the capabilities. By using QEMU, you can create a blank "virtual hard-drive" file. Then, with a little knowledge gleaned from the "experts", you can modify the text file VMware uses to "boot" the virtual image. Why is this good? Well, stay with me on this....

Why would you care to make a blank virtual hard-drive file? So you can put just about any image or Windows/Linux OS (and I've heard Mac software can be run as well.) on it you'd like! I've successfully created a "virtual Windows XP" image, running on my real Windows XP system! Or try out some Linux distributions. If you are really clever and patient, you can actually create a "perfect OS image" (whatever that is to you) and save that file. Then if you bomb out or toast your virtual machine, delete the existing file, and restore it with the copy you made prior to your "testing!" It is really handy in enterprise environments for image creation.

There is a lot of stuff you can do. Go read the link above, then check out these additional VMware guides from John Bokma, Lorenzo Ferrara, and Alessandro Perilli. Each of them has done incredible work building and documenting VMware Player image creation and usage. Follow their links as they can point you to additional VMware resources. There are even some web-based and some local-install applications you can find that will help create the initialization file for you--although it's very easy to do yourself.

Once you have seen just what VMware's software is capable of, I strongly urge you to purchase their full VMware Workstation software. It lets you do all the things these methods do, and then some. Well worth the purchase price--and we have to support the good folks and companies that offer their products to the masses for free.

It is really fun and addicting trying to find out all the things you can do with virtual machines. I love testing Linux distros using this method on my Windows XP system. Plus it is a good training tool as well. Want to see just how well your malware recovery tools/abilities are? Create a virtual Windows system (XP/2000/etc) and then save the image file (as a backup). Now go out and hose your "virtual system" with malware and try to clean it up. Tired? Just delete the image and roll back a copy of your backup image file and start fresh and clean!

On a related note...the other day, I was reading the latest (IN)Secure magazine edition. In it, I was introduced to a product from Trustware called BufferZone. It is a very clever alternative to using "virtual machines" to protect your main O What Trustware's BufferZone software does it to act as a "lifeguard" and filters each program you execute. Those that you trust get full rights to do what they want on your system; those that you don't get restricted. Because it runs on the real system, there are no file or application sharing barriers. It is a novel concept. The company actually claims that if you use their application, you no longer need any anti-virus or malware software. I don't know if I would be that brave--no matter how good their product is--but that's just my personal comfort level at work. Trustware offers both Home and Corporate versions. A trial version is available as well for download. I haven't tried it myself, but may just do so...

Credits

Why this? It is the simple blog of a Last Exile fan and is intended to express the enjoyment we derive from studio Gonzo's production. Although we closely relate with those characters, we aren't them in real life. We just want to keep the memory of these incredible young kids alive. So go buy Gonzo's Last Exile DVD's!